Almost 90 percent say they're prepared for password-based attacks -- but half still fall for them

A new report from Axiad shows that 88 percent of IT professionals feel their company is prepared to defend against a password-based cyberattack, yet 52 percent say their business has fallen victim to one within the last year.

Based on over 200 responses from US IT pros, the study shows 39 percent name phishing as the cyberattack they fear most, while 49 percent say it's the attack most likely to happen.

Despite these weaknesses, 93 percent of respondents still use passwords for business. The biggest reasons they cite are fear of change (64 percent), the potential need to rip and replace technology (54 percent), time constraints (51 percent) and lack of staff (25 percent).

When asked whose fault they think exploited passwords are, respondents' answers vary. IT staff are blamed by 35 percent, end users by 32 percent, security teams by 25 percent and leadership by eight percent.

When asked what technologies they will use over the next year, 45 percent say they'll turn to passwordless technology, and 27 percent will use phishing-resistant multi-factor authentication (MFA).

When asked which recent guidance has most impacted their organization's authentication strategy, respondents put the Cybersecurity and Infrastructure Security Agency (CISA) on top (41 percent), followed by the National Institute of Standards and Technology (NIST) (26 percent) and the White House Office of Management and Budget (OMB) (13 percent).

"Generative AI has significantly lowered the entry barrier for cybercriminals to craft highly effective phishing emails, and when you combine that with poor password management, it's no surprise that the volume of successful phishing and password-based attacks continues to skyrocket," says Bassam Al-Khalidi, co-founder and co-CEO of Axiad. "The survey results are alarming because, despite the rising number of these cyberattacks, most companies are still stuck in the status quo of using passwords as their primary method of authentication. Fear of change is no excuse. Organizations need to act now to combat advanced cybercriminals, or they will continue to be at risk. In today's threat landscape, the most effective thing they can do to bolster their cybersecurity posture is implement passwordless authentication and phishing-resistant MFA."

The full report is available from the Axiad site and there's an infographic summary below.
